DekuSMS-Android icon indicating copy to clipboard operation
DekuSMS-Android copied to clipboard

Published 20 hours ago verified publisher icon deku-messaging

E2EE implementation for other SMS apps

Open octoshrimpy opened this issue 10 months ago • 8 comments

Hi! Would love to integrate the E2EE as an optional system into quik. I've been thinking about how to do it on my own for a while, and best I came to was to use stegcloak for hiding the keys within a single SMS. that would allow the handshake to happen completely behind the scenes, with only a couple prompts for the user: e2ee requested: continue? ignore?

I think what you have here with deku is very special and if implemented on more FOSS SMS apps, could be a good direction for privacy of general public. Would love to chat about this more. :)

octoshrimpy avatar Jan 29 '25 16:01 octoshrimpy

Hello, I agree with more FOSS SMS apps having access to E2EE it would go a long way in providing more security for the general public. I believe not just having E2EE security, but achieving interoperability between the apps.

DekuSMS currently uses Signal's Double Ratchet Encryption. Should in case you are comfortable with the protocol, we can discuss more on implementation for both Quik and interoperability. Thanks for reaching out

sherlockwisdom avatar Feb 04 '25 18:02 sherlockwisdom

I'm familiar with double-ratchet but need to refresh my knowledge for sure. Thoughts on stegcloak for handshake vs extra sms with headers?

octoshrimpy avatar Feb 04 '25 21:02 octoshrimpy

I've never used Stegcloak before but it seems it may not be best for SMS as certain Unicode characters take up 2 bytes than 1.

Deku uses data channels for handshake rather than SMS and not up to a full SMS (~50 bytes for unencrypted headers). Would love to hear more about how you plan on working with Stegcloak and if you've tried it on plain SMS

sherlockwisdom avatar Feb 04 '25 23:02 sherlockwisdom

I haven't implemented yet, but the thought was to avoid data and stick to SMS (can't guarantee user has data plan). the chances of someone starting a conversation with the SMS message limit are very very low, so use the remaining space to start sending stegcloak data. could even be split across a few SMS now that I think about it.

octoshrimpy avatar Feb 05 '25 16:02 octoshrimpy

SMS data channels doesn't require an internet connection. It's SMS, but rather than plaintext it transmits raw bytes - some folks refer to this as invisible SMS

sherlockwisdom avatar Feb 05 '25 16:02 sherlockwisdom

aaah I am not familiar with that. Doing some reading now. does it count towards the user's SMS limit with their carrier?

octoshrimpy avatar Feb 05 '25 16:02 octoshrimpy

I am looking into this project and i love how good both apps are. Have you looked into silence app No longer maintained but i have used this and it use handshake over text just sends pub key and after that all messages are encrypted https://github.com/SilenceIM/Silence

olumolu avatar Jun 18 '25 11:06 olumolu

does it [sms data channel] count towards the user's SMS limit with their carrier

According to a pop up in deku SMS, it does.

Velocifyer avatar Aug 23 '25 23:08 Velocifyer